package com.codeyang.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 描述:
 * 1.接管security的登录认证请求
 * 2.注意在yml手动配置一个固定的账号用来访问认证的登录 ek中心
 *
 * @author CodeYang_Site
 * @version 2021/5/22 11:44
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 接管http的认证请求
     *
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //1.关闭跨站伪造验证
        http.csrf().disable();
        //2.单独放行ek的 健康检查的接口
        http.authorizeRequests()
                .antMatchers("/actuator/**")
                .permitAll();
        //其他的走表单验证请求认证放行,直接使用父类的
        super.configure(http);
    }
}
